From d0625a001e5f8fe202865bec7aadcf0c551d556d Mon Sep 17 00:00:00 2001 From: Gusted Date: Sat, 30 Sep 2023 22:16:47 +0200 Subject: [PATCH] [GITEA] Make atomic ssh keys replacement robust - After stumbling upon https://github.com/golang/go/issues/22397 and reading the implementations I realized that Forgejo code doesn't have `Sync()` and it doesn't properly error handle the `Close` function. - (likely) Resolves https://codeberg.org/forgejo/forgejo/issues/1446 (cherry picked from commit 0efcb334c2f123d0869a30d684189eb31e8b983f) (cherry picked from commit 04ef02c0dd98c7437acb39383d311c0901366508) (cherry picked from commit 85f2065c9bc6ded9c21909ec76a9e8fc2d22f462) (cherry picked from commit 8d36b5cce66864e190bad3c9b0973e37ca774a22) (cherry picked from commit 378dc30fb5a88ffe185c54de7e69224289038bff) (cherry picked from commit 2b28bf826e51b8ccb4a693001c03ffe6132f7842) --- models/asymkey/ssh_key_authorized_keys.go | 7 ++++++- models/asymkey/ssh_key_authorized_principals.go | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/models/asymkey/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go index 267ab252c8..2b15450c98 100644 --- a/models/asymkey/ssh_key_authorized_keys.go +++ b/models/asymkey/ssh_key_authorized_keys.go @@ -169,7 +169,12 @@ func RewriteAllPublicKeys(ctx context.Context) error { return err } - t.Close() + if err := t.Sync(); err != nil { + return err + } + if err := t.Close(); err != nil { + return err + } return util.Rename(tmpPath, fPath) } diff --git a/models/asymkey/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go index 107d70c766..f3017c3089 100644 --- a/models/asymkey/ssh_key_authorized_principals.go +++ b/models/asymkey/ssh_key_authorized_principals.go @@ -92,7 +92,12 @@ func RewriteAllPrincipalKeys(ctx context.Context) error { return err } - t.Close() + if err := t.Sync(); err != nil { + return err + } + if err := t.Close(); err != nil { + return err + } return util.Rename(tmpPath, fPath) }